2012-03-21 20:07


PHP has a method escapeshellcmd() that escapes any characters in a string that might be used to trick a shell command into executing arbitrary commands.

exec("find /music -type f -iname '*mp3'", $arrSongPaths);
echo $arrSongPaths[0]; // prints It Won´t Be Long.mp3
echo escapeshellcmd($arrSongPaths[0]); // prints It Wont Be Long.mp3

Is there a way to write a shell script that will recursively rename filenames (in particular *mp3) with special characters escaped?

I tried to do this in php

$escapedSongPath = escapeshellarg($arrSongPaths[0]);    
exec("mv $arrSongPaths[0] $escapedSongPath");

but that didn't work. Anyways, the last line of code is unsafe since you're executing a command with a potentially dangerous filename, $arrSongPaths[0].


1 answer

  • douchan6512 2012-03-21 20:31

    For the love of all things security related, why aren't you using the PHP rename command? It doesn't suffer from any shell escape issues. Replace the exec("mv ...") with:

    rename($arrSongPaths[0], $escapedSongPath);

    ... and check for errors.

    And instead of using exec(find...) use the recursive_glob tip from the glob php operation page.

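One way to follow the answer's advice end to end, as an added example that is not the answerer's code: the tree is walked with PHP's SPL iterators instead of exec("find ..."), and each file is renamed with rename() and an error check instead of exec("mv ..."). The helper names safeBasename() and renameMp3Tree(), the allow-list of characters, and the sample file names are assumptions; run it from the PHP CLI.

```php
<?php
// Added example, not the answerer's code. safeBasename(), renameMp3Tree() and the
// allow-list are assumptions made for illustration.

/** Keep only allow-listed bytes: letters, digits, space, dot, dash, underscore. */
function safeBasename(string $name): string
{
    $clean = preg_replace('/[^A-Za-z0-9 ._-]/', '', $name);
    $clean = ltrim($clean, '-');           // a leading "-" would read as an option later
    return $clean === '' ? '_' : $clean;   // never produce an empty file name
}

/** Rename every *.mp3 below $root without a shell; returns [old path => new path]. */
function renameMp3Tree(string $root): array
{
    $walker = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($root, FilesystemIterator::SKIP_DOTS)
    );
    $found = [];                           // collect first, rename after the walk
    foreach ($walker as $file) {
        if ($file->isFile() && !$file->isLink()
            && strcasecmp($file->getExtension(), 'mp3') === 0) {
            $found[] = [$file->getPath(), $file->getFilename()];
        }
    }
    $renamed = [];
    foreach ($found as [$dir, $name]) {
        $old = $dir . DIRECTORY_SEPARATOR . $name;
        $new = $dir . DIRECTORY_SEPARATOR . safeBasename($name);
        if ($new === $old) {
            continue;                      // already clean
        }
        if (file_exists($new)) {           // rename() would silently overwrite on POSIX
            fwrite(STDERR, "skipped, target exists: $new\n");
        } elseif (!rename($old, $new)) {   // paths are passed as data, never parsed by a shell
            fwrite(STDERR, "rename failed: $old\n");
        } else {
            $renamed[$old] = $new;
        }
    }
    return $renamed;
}

// Constructed sample tree: one name from the question, one with shell metacharacters.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'music_' . bin2hex(random_bytes(4));
mkdir($root . DIRECTORY_SEPARATOR . 'album', 0700, true);
touch($root . '/album/It Won´t Be Long.mp3');
touch($root . '/album/b; $(echo hi) & c.mp3');
print_r(renameMp3Tree($root));
```

If a path must still be handed to a shell command, pass it through escapeshellarg() at that call site; the quoted string it returns is an argument for the shell, not a file name to rename to.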
